The February 2023 issue of IEEE Spectrum is here!

Close bar

Australia's Prime Minister's Emails Hacked

China suspected once again

2 min read
Australia's Prime Minister's Emails Hacked

First there was the Canada; next was France. Now there are Australian news stories like this one from Sydney's Daily Telegraph reporting that Australian Prime Minister Julia Gillard's email and the emails of as many as 10 other government ministers, including the Foreign and Defense ministers, have been successfully hacked. Thousands of emails were supposedly accessed for most of the month of February before the intrusion was stopped.

The Telegraph story says that:

 "Australian intelligence agencies were tipped off to the cyber-spy raid by US intelligence officials within the Central Intelligence Agency and the Federal Bureau of Investigation."

How the CIA and FBI found out about it wasn't reported. The Telegraph story also states that Chinese intelligence agencies were high on the list of those thought to be responsible.

This story at The Australian says that PM Gillard has been down playing the hacking. She said that the IT system compromised was "used primarily by local MPs to communicate with constituents" and that her sensitive work was done on a more secure Department of Prime Minister and Cabinet system.

The Australian also noted, however, that the government is not denying that highly sensitive material may have indeed been compromised by the attack.

Coincidentally (or maybe not), the Sydney Morning Herald ran a story yesterday concerning a report ("The Protection and Security of Electronic Information Held by Australian Government Agencies" here in PDF) by the Australian National Audit Office (ANAO) involving IT security practices at the Australian Office of Financial Management, ComSuper, Medicare Australia and the Department of the Prime Minister and Cabinet.

The ANAO discovered that around 20% of the passwords used at those organizations could be cracked in one hour using "brute force" password approaches. This number wasn't considered terribly bad; however, what did raise ANAO's concerns was that:

"... in three of the four agencies audited, the test compromised some administrator and/or service account passwords. As outlined above, these types of accounts have a high level of access to agencies’ ICT [Information and Communication Technology] systems. If an attacker managed to gain access to an agency ICT system by cracking an administrator or service account password, there could be serious consequences for that agency’s security."

In light of the ANAO report, the PM's assurance of using a secure IT system probably needs to be taken with a grain of salt.

The Conversation (0)

How Police Exploited the Capitol Riot’s Digital Records

Forensic technology is powerful, but is it worth the privacy trade-offs?

11 min read
 Illustration of the silhouette of a person with upraised arm holding a cellphone in front of the U.S. Capitol building. Superimposed on the head is a green matrix, which represents data points used for facial recognition
Gabriel Zimmer

The group of well-dressed young men who gathered on the outskirts of Baltimore on the night of 5 January 2021 hardly looked like extremists. But the next day, prosecutors allege, they would all breach the United States Capitol during the deadly insurrection. Several would loot and destroy media equipment, and one would assault a policeman.

No strangers to protest, the men, members of the America First movement, diligently donned masks to obscure their faces. None boasted of their exploits on social media, and none of their friends or family would come forward to denounce them. But on 5 January, they made one piping hot, family-size mistake: They shared a pizza.

Keep Reading ↓Show less